Apple Updates - Basics

MBrownUoG
Contributor

Hey again folks.

Apologies, but yet another basic question.

We recently retired the Jamf NetSUS server in our environment, and before we go down the route of building a new one, we wanted to trial just allowing the Macs to go out to Apple and pull down updates, since that seems to be the way Apple are ultimately heading.

As such, we took off the configuration profile pointing the Macs towards our old NetSUS box, then set up a static test group of machines set to run a standard jamf "software update" policy every day, set to install updates direct from Apple. Then the plan was just to bite the bullet and push updates to the rest of the estate roughly once every two weeks if we're confident all is ok with the current batch.

However, on checking the machines that have run the policy already, I can see the likes of Safari and iTunes have picked up updates where necessary, but none of the machines are updating between OSX versions. So we have a lot of Macs stuck on 10.13.4 rather than 10.13.6, for example.

Am I missing something with the way we should be deploying these? Is using the "Software Update" policy within Jamf and pointing it towards Apple's servers incorrect?

Thanks for your help everyone, as ever.

3 REPLIES 3

MBrownUoG
Contributor

Realised this is a bit of a wall of text... apologies.

The summary of the question is: should the Jamf "Software Update" policy payload, pointed at Apple's update servers, pick up major releases to go between versions? i.e. 10.13.4 to 10.13.5, etc?

wesleya
Contributor

Yes, in my experience that is how the Software Updates payload works. It should go handle the minor release 10.x.1 to 10.x.2 and security updates. I prefer using Apple's built-in tools for updating the operating system (we use a script to enable automatic updates), but these work too.

MBrownUoG
Contributor

Maybe that's where we're going wrong with this. We have a script in place to disable automatic updates on all our Macs, and I had presumed the Jamf policy would override this when it's running, but is it worth turning automatic updates on, running the Jamf payload and then turning them back off again?